From b1486c1de72fb27762538038adbb49debf5c6d5c Mon Sep 17 00:00:00 2001
From: Viktor Barzin <vbarzin@gmail.com>
Date: Mon, 29 Dec 2025 22:07:19 +0000
Subject: [PATCH] increase leakspeed on 403 rule [ci skip]

---
 modules/kubernetes/crowdsec/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/kubernetes/crowdsec/main.tf b/modules/kubernetes/crowdsec/main.tf
index e3cb5566..ec61a073 100644
--- a/modules/kubernetes/crowdsec/main.tf
+++ b/modules/kubernetes/crowdsec/main.tf
@@ -35,7 +35,7 @@ resource "kubernetes_config_map" "crowdsec_custom_scenarios" {
       description: "Detect IPs triggering too many HTTP 403s in NGINX ingress logs"
       filter: "evt.Meta.log_type == 'http_access-log' && evt.Parsed.status == '403'"
       groupby: "evt.Meta.source_ip"
-      leakspeed: "30s"
+      leakspeed: "2s"
       capacity: 10
       blackhole: 5m
       labels: